We need check if tun->numqueues is zero (e.g for the persist device)
before trying to use it for modular arithmetic.
Reported-by: Eric Dumazet <[email protected]>
Fixes: 96f84061620c6("tun: add eBPF based queue selection method")
Signed-off-by: Jason Wang <[email protected]>
---
drivers/net/tun.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index e9ca1c0..dc62fc3 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -596,13 +596,18 @@ static u16 tun_automq_select_queue(struct tun_struct *tun, struct sk_buff *skb)
static u16 tun_ebpf_select_queue(struct tun_struct *tun, struct sk_buff *skb)
{
struct tun_prog *prog;
+ u32 numqueues;
u16 ret = 0;
+ numqueues = READ_ONCE(tun->numqueues);
+ if (!numqueues)
+ return 0;
+
prog = rcu_dereference(tun->steering_prog);
if (prog)
ret = bpf_prog_run_clear_cb(prog->prog, skb);
- return ret % tun->numqueues;
+ return ret % numqueues;
}
static u16 tun_select_queue(struct net_device *dev, struct sk_buff *skb,
--
1.8.3.1
When a queue(tfile) is detached through __tun_detach(), we move the
last enabled tfile to the position where detached one sit but don't
NULL out last position. We expect to synchronize the datapath through
tun->numqueues. Unfortunately, this won't work since we're lacking
sufficient mechanism to order or synchronize the access to
tun->numqueues.
To fix this, NULL out the last position during detaching and check
RCU protected tfile against NULL instead of checking tun->numqueues in
datapath.
Cc: YueHaibing <[email protected]>
Cc: Cong Wang <[email protected]>
Cc: weiyongjun (A) <[email protected]>
Cc: Eric Dumazet <[email protected]>
Fixes: c8d68e6be1c3b ("tuntap: multiqueue support")
Signed-off-by: Jason Wang <[email protected]>
---
Changes from V2:
- resample during detach in tun_xdp_xmit()
Changes from V1:
- keep the check in tun_xdp_xmit()
---
drivers/net/tun.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index dc62fc3..f4c933a 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -705,6 +705,8 @@ static void __tun_detach(struct tun_file *tfile, bool clean)
tun->tfiles[tun->numqueues - 1]);
ntfile = rtnl_dereference(tun->tfiles[index]);
ntfile->queue_index = index;
+ rcu_assign_pointer(tun->tfiles[tun->numqueues - 1],
+ NULL);
--tun->numqueues;
if (clean) {
@@ -1087,7 +1089,7 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev)
tfile = rcu_dereference(tun->tfiles[txq]);
/* Drop packet if interface is not attached */
- if (txq >= tun->numqueues)
+ if (!tfile)
goto drop;
if (!rcu_dereference(tun->steering_prog))
@@ -1310,6 +1312,7 @@ static int tun_xdp_xmit(struct net_device *dev, int n,
rcu_read_lock();
+resample:
numqueues = READ_ONCE(tun->numqueues);
if (!numqueues) {
rcu_read_unlock();
@@ -1318,6 +1321,8 @@ static int tun_xdp_xmit(struct net_device *dev, int n,
tfile = rcu_dereference(tun->tfiles[smp_processor_id() %
numqueues]);
+ if (unlikely(!tfile))
+ goto resample;
spin_lock(&tfile->tx_ring.producer_lock);
for (i = 0; i < n; i++) {
--
1.8.3.1
On 5/8/19 11:20 PM, Jason Wang wrote:
> We need check if tun->numqueues is zero (e.g for the persist device)
> before trying to use it for modular arithmetic.
>
> Reported-by: Eric Dumazet <[email protected]>
> Fixes: 96f84061620c6("tun: add eBPF based queue selection method")
> Signed-off-by: Jason Wang <[email protected]>
> ---
Reviewed-by: Eric Dumazet <[email protected]>
Thanks.
> -----Original Message-----
> From: Jason Wang [mailto:[email protected]]
> Sent: Thursday, May 09, 2019 11:20 AM
> To: [email protected]; [email protected]
> Cc: yuehaibing <[email protected]>; [email protected];
> weiyongjun (A) <[email protected]>; [email protected];
> Jason Wang <[email protected]>
> Subject: [PATCH net V3 2/2] tuntap: synchronize through tfiles array instead
> of tun->numqueues
>
> When a queue(tfile) is detached through __tun_detach(), we move the
> last enabled tfile to the position where detached one sit but don't
> NULL out last position. We expect to synchronize the datapath through
> tun->numqueues. Unfortunately, this won't work since we're lacking
> sufficient mechanism to order or synchronize the access to
> tun->numqueues.
>
> To fix this, NULL out the last position during detaching and check
> RCU protected tfile against NULL instead of checking tun->numqueues in
> datapath.
>
> Cc: YueHaibing <[email protected]>
> Cc: Cong Wang <[email protected]>
> Cc: weiyongjun (A) <[email protected]>
> Cc: Eric Dumazet <[email protected]>
> Fixes: c8d68e6be1c3b ("tuntap: multiqueue support")
> Signed-off-by: Jason Wang <[email protected]>
> ---
> Changes from V2:
> - resample during detach in tun_xdp_xmit()
> Changes from V1:
> - keep the check in tun_xdp_xmit()
> ---
Reviewed-by: Wei Yongjun <[email protected]>
Thanks
From: Jason Wang <[email protected]>
Date: Wed, 8 May 2019 23:20:17 -0400
> We need check if tun->numqueues is zero (e.g for the persist device)
> before trying to use it for modular arithmetic.
>
> Reported-by: Eric Dumazet <[email protected]>
> Fixes: 96f84061620c6("tun: add eBPF based queue selection method")
> Signed-off-by: Jason Wang <[email protected]>
Applied and queued up for -stable.
From: Jason Wang <[email protected]>
Date: Wed, 8 May 2019 23:20:18 -0400
> When a queue(tfile) is detached through __tun_detach(), we move the
> last enabled tfile to the position where detached one sit but don't
> NULL out last position. We expect to synchronize the datapath through
> tun->numqueues. Unfortunately, this won't work since we're lacking
> sufficient mechanism to order or synchronize the access to
> tun->numqueues.
>
> To fix this, NULL out the last position during detaching and check
> RCU protected tfile against NULL instead of checking tun->numqueues in
> datapath.
>
> Cc: YueHaibing <[email protected]>
> Cc: Cong Wang <[email protected]>
> Cc: weiyongjun (A) <[email protected]>
> Cc: Eric Dumazet <[email protected]>
> Fixes: c8d68e6be1c3b ("tuntap: multiqueue support")
> Signed-off-by: Jason Wang <[email protected]>
> ---
> Changes from V2:
> - resample during detach in tun_xdp_xmit()
> Changes from V1:
> - keep the check in tun_xdp_xmit()
Applied and queued up for -stable.